Base names in iOS's shared library cache are non-unique, which causes "jtool -e all" to extract some of them to the same path, thus overwriting the previously extracted ones.For example, ChatKit exists twice, once as a private framework and once as a springboard plugin:

Could you either add an option to rebuild the entire cache, including directory structure, or handle non-unique base names in some other way?Also, for options that produce a single output file, could we please get an -o option?Would be much appreciated.

THAT isn't an easy fix. R0 is indeed the return value, but one can't figure out the return value without running the framework func/library call.

I actually *am* working on JTool PRO for that (seriously), which would emulate the framework calls using a clever trick (which is terribly hard to execute). But that is somewhere in the future. For the moment, JTool simply can't predict calls - but hey - neither can IDA, or hopper.

Apart from that, the __LINKEDIT segment of extracted libs still takes up a lot of space (due to merging, as you explained in one of your articles).I assume each dylib from the shared cache is only affected by a small percentage of the commands in __LINKEDIT, right? If so, would it be possible to strip those commands that don't affect it?

It also seems that the __LINKEDIT segment is badly fragmented (jtool --pages WebKit):